Azure Policy - Configure backup on virtual machines with a given tag
I wonder if somebody could sanity check something for me with this please in case it's something I could be missing. We have this existing policy configured in a customers tenant (https://www.azadvertizer.net/azpolicyadvertizer/345fa903-145c-4fe1-8bcd-93ec2adccde8.html After creating a VM and allocating the correct tag etc. it didn't automatically have the backup policy assigned to it. With the policy assignment itself it didn't even appear as a non-compliant resource. I went through the checks to make sure it was the same region, correct tag, correct rsv and policy, which all appeared to look fine. When remediating it still wasn't pulling the resource through. When I went into the definition detail to see what could be amiss, I noticed the list of WindowServer image SKU's that were listed (image attached here https://i.stack.imgur.com/1YPpM.png. As I was sanity checking everything, I looked at the VM to see that the SKU wasn't actually in this list (2019-datacenter-smalldisk-g2). As every SKU is listed specifically it makes me think this image has just been missed off and needs adding? Rather than it getting captured by one of the SKU's listed. I can add the VM manually to the existing RSV for now but for future ref, is there a way I can raise this if my findings are indeed correct?
Replicate workload from VMWare to Azure using Azure Site Recovery(ASR)
Hello, I am working on a project to replicate worklooad hosted on a VMWare to Azure Site Recovery for disaster recovery purpose. Current Environment: More than 80 VMs hosted on VMWare managed by VMWare Sphere running both Linux and Windows OS.. Databases: Oracle DB, Microsoft SQL and MySQL Requirements: seamless failover and disaster recovery requirements. scalable setup No down-time integrate identity and access mgt. integration with Microsoft Entra ID. RTO < 2 hrs and RPO > 15 minutes Backup: critical database backup every 3 hours App servers: Daily*incremental) and weekly (full) Transaction Logs: every 10 mins backup config. should be Daily Questions I have confirmed ASR supports fail back from Azure- on premise(VMWare specifically). Hence ASR(Azure site recovery) will be used for the project. However, what is the seamless method to replicate the databases(Oracle, Microsoft SQL and MySQL). https://learn.microsoft.com/en-us/azure/site-recovery/vmware-azure-failback What is the best approach to replicate the Application Servers? integrating existing on-premise 3rd party network security tool for firewall etc instead of the azure cloud native security tool. recommendation?? cost optimization techniques/recommendations Best practices for conducting non-destructive DR drills.
General Availability of Azure Backup vaulted support for Azure Files Premium (SSD) shares
Whether you're an enterprise IT administrator or a cloud-native developer, ensuring data protection and resiliency is non-negotiable, especially when running mission-critical workload on Azure Files Premium (SSD) shares. We’re thrilled to announce the General Availability of vaulted backup support with Azure Backup for Azure Files Premium (SSD) shares. This new capability brings enterprise-grade data protection to production scale workloads running on Azure Files SSD. IT professionals and decision-makers can now leverage Azure Backup to safeguard SSD premium file shares with the same ease and robustness previously available for standard (HDD) shares, closing a key gap in Azure’s data protection offerings. This release of Azure Backup introduces support for Premium SMB file shares, providing immutable and offsite backups designed to defend against ransomware, accidental deletion, and regional outages. This solution offers long-term retention, granular restores, and geo-redundant storage vault for cross region backup and restore, all of which can be centrally managed via Azure Backup. Some customers have utilized this capability since its preview. Below is a statement from Swisscom regarding this integration. Implementing Azure Backup for our premium file shares has significantly enhanced our data protection strategy. With nearly 7 TB of critical data securely backed up, we now have peace of mind knowing our information is resilient against accidental deletion and ransomware threats. The seamless integration and scalability of Azure Backup make it an essential part of our cloud infrastructure. --Swisscom Azure Backup capabilities enabled for Premium File share Cross-Region Recovery for Resilience Across Azure Regions One of the standout features of using Azure Backup with a Recovery Services vault is the ability to leverage Geo-Redundant Storage (GRS) for your backups. Cross-Region Recovery refers to the capability to restore your data in an alternate Azure region if the primary region becomes unavailable. This is an essential part of disaster recovery planning, especially for scenarios like region-wide outages or natural disasters Built-In Resiliency with 3-2-1 Backup Rule Azure Backup’s approach to protecting Premium Files inherently aligns with the industry-standard “3-2-1” backup rule, a best practice for ensuring data durability and recoverability. By configuring a Geo-Redundant Storage (GRS) vault, Azure Backup ensures, 3 copies of your data are maintained and stored across 2 different types of storage locations with at least 1 copy offsite, in a remote Azure region Security, Ransomware Protection, and Compliance Imagine an organization’s file share is hit with ransomware, with Azure Backup you have an untouched copy in the recovery services vault isolated from primary and snapshots in case malware dint delete them. In such a scenario, Azure Backup enables you to restore the last clean recovery point of the file share (either overriding the share or to a new location for analysis), and resume operations without paying any ransom. This has saved organizations millions of dollars and is a fundamental pillar of a good cyber recovery strategy Let’s now look at few scenarios where this integration may be applied. Profile data storage in VDI setups Azure Files SSD (Premium) is the recommended storage backend for FSLogix profiles in Azure Virtual Desktop (AVD), Citrix, and VMware Horizon environments. It enables persistent user profile storage and supports dynamic application delivery via App Attach. Vaulted backups ensure profile data is protected against accidental deletion and ransomware threats Application Storage Premium SMB shares are used to support Windows-based applications such as SQL Server, ERP systems, and custom line-of-business apps that rely on Win32 or .NET file system APIs. Azure Backup provides secure, off-site protection for these critical workload Cloud-Native Workloads Customers migrating from legacy NAS solutions to Azure Files benefit from cloud-native storage with built-in backup and DR capabilities. This is especially valuable for SMB workloads running in containerized environments like Azure Kubernetes Service (AKS) Hybrid Scenarios with Azure File Sync Azure File Sync enables caching and syncing between on-premises servers and cloud shares. Vaulted backups extend protection to such hybrid environments, ensuring data durability and compliance across distributed infrastructures Getting started Here are three simple steps to help you get started with configuring vaulted backup for Azure File shares: Create a Recovery services vault: A vault is a management entity that stores backups and allows you to access and manage them. Create a backup policy: Backup policy enables you to configure the frequency and retention of backups based on your business requirements. Select the storage account and File shares to backup: You can choose to back up all File shares or select specific File shares from the selected storage account depending on the criticality of the data they contain. Go ahead and select vault tier in your backup policy to improve the security posture of Azure Files data in these regions with a native, managed and secure offsite backup solution, strengthening business continuity and disaster recovery strategy for mission critical applications. Learn more about vaulted backup for Azure file share here. Resources for further reading Azure Files documentation | Microsoft Learn, secure, and serverless enterprise-grade cloud file shares. Azure Files Backup Overview: “About Azure Files backup – Azure Backup” – explains the architecture, benefits, and costs in detail Backup Support Matrix: Lists supported scenarios and limits for Azure Files backup. Azure Backup pricing– for the latest costs of protected instances and storage, and the Azure Pricing Calculator for scenario-based estimates
Mine your Azure backup data, it could save you 💰💡
Your data has a story to tell. Mine it, decipher it, and turn it into actionable outcomes. 📊🔍 Azure backups can become orphaned in several ways (I'll dive into that in a future post). But here’s a key point: orphaned doesn’t always mean useless, hence the word “Potential” in the title of my Power BI report. Each workload needs to be assessed individually. If a backup is no longer needed, you might be paying for it - unnecessarily and unknowingly. 🕵️♂️💸 To uncover these hidden costs, I combined data from the Azure Business Continuity Center with a PowerShell script I wrote to extract LastBackupTime and other metadata. This forms the foundation of my report, helping visualize and track backup usage over time. This approach helped me identify forgotten one-time backups, VMs deleted without stopping the backup, workloads excluded due to policy changes, and backups left behind after resource migrations. If you delete unneeded backups and have soft-delete enabled, the backup size drops to zero and Azure stops charging for it. ✅🧹 💡 Do your Azure backups have their own untold story to tell? 📸 Here's a snapshot of my report that helped me uncover these insights 👇Azure Storage
You've asked for something about Azure Storage, and there's a wealth of information both from your own work and from trusted external sources. Here's a tailored overview that blends your contributions with broader context: 🔹 What Is Azure Storage? Azure Storage [1] is Microsoft’s cloud-based solution for storing modern data workloads. It offers: High availability and durability through redundancy and geo-replication. Massive scalability to support everything from small apps to enterprise-scale systems. Security with built-in encryption and fine-grained access control. Global accessibility via REST APIs, SDKs, Azure CLI, and Azure Storage Explorer. Azure Storage supports multiple data services: Azure Blob Storage: For unstructured data like images, videos, and backups. Azure Files: Managed file shares accessible via SMB or NFS. Azure Queues: For message-based communication between components. Azure Tables: A NoSQL store for structured data. Azure Disks: Persistent block storage for Azure VMs. Azure Elastic SAN and Azure Container Storage: For advanced storage orchestration and container-native workloads. 🔹 Your Contributions on Azure Storage You've made significant contributions to the Azure community, especially through your blog and event series: In your MVP Contributions tracker, you’ve documented multiple sessions and blog posts covering: Types of Azure Storage (e.g., Blob, File, Queue, Table) [2] Cost optimization strategies for Azure Storage [2] Azure Files and file sharing capabilities [2] Your presentation A COMPREHENSIVE GUIDE TO AZURE COST MANAGEMENT dives into how Azure Storage fits into broader cloud cost strategies, emphasizing budget control, resource allocation, and ROI [3]. 🔹 Practical Use Cases Azure Storage is ideal for: Backup and disaster recovery with geo-redundant storage. Big data analytics using Data Lake Storage. Web and mobile app content delivery via Blob Storage. Enterprise file sharing with Azure Files. IoT and telemetry ingestion using Queues and Tables. Would you like help turning this into a blog post, presentation, or training module? I can also summarize your past Azure Storage sessions or help you prepare new ones. References [1] Introduction to Azure Storage - Cloud storage on Azure [2] MVP Contributions [3] A COMPREHENSIVE GUIDE TO AZURE COST MANAGEMENT
Enhance Your Data Protection Strategy with Azure Elastic SAN’s Newest Backup Options
As organizations adopt Azure Elastic SAN for scalable high-performance storage, we are pleased to announce the public preview of backup support via Azure Backup and Commvault. These fully managed solutions simplify data protection for Elastic SAN volumes, automating backup scheduling, restore point management, and data recovery. They help safeguard your volumes against data loss scenarios such as accidental deletions, ransomware, and application errors. Both the integration of Azure Backup for Elastic SAN and Commvault’s integration with Elastic SAN are in public preview and available for everyone to use. Both of these integrations are powered by Elastic SAN’s crash-consistent, storage native snapshots. Learn more about Elastic SAN here! Azure Backup Release Highlights The public preview of Azure Backup for Elastic SAN introduces several important capabilities designed to enhance your data protection strategy: Operational Tier Backup with Independent Lifecycle Each backup operation creates a Managed Disk Incremental Snapshot of your Elastic SAN volume. These snapshots are stored in locally redundant storage (LRS) in supported regions and exist independently of the original volume’s lifecycle. This means your backups remain available for recovery even if the original Elastic SAN volume is deleted, ensuring reliable data protection. The Elastic SAN volumes can be restored from these managed disk snapshots that are backed up by Azure Backup. Vaulting, immutability, and other capabilities are on the roadmap and will be incorporated into subsequent releases. Daily Restore Points Azure Backup supports up to 450 restore points with a daily backup schedule. This high number of restore points provides robust short-term retention, allowing you to recover data quickly to any previous state within the retention period. It significantly reduces the risk of data loss due to accidental deletions or other incidents. Retaining backups over 450 days is not available in this preview. Simplified Management Customers pick the number of daily backups that they want to retain, and Azure Backup does the rest including creating new backups and deleting oldest backups to match the retention setting. Configuration and monitoring are integrated with the Azure Business Continuity Center, giving you a unified and streamlined management experience. This automation allows you to focus on your core business activities while Azure handles the complexity of data protection. Important Cost Information During the public preview, the following cost structure applies: The Azure Backup Protected Instance Fee for Elastic SAN volumes is not charged Charges for Managed Disk Incremental Snapshots in the operational tier apply at standard Azure rates. The first snapshot that is exported will be a full snapshot. In summary, Azure Backup for Elastic SAN delivers a powerful and comprehensive backup solution. With features such as independent lifecycle backups, high-frequency restore points, and simplified management, you can confidently protect your Elastic SAN volumes from a range of data loss scenarios. Try this new capability to experience enhanced data protection for your workloads. Commvault Release Highlights Protecting Azure Elastic SAN Volumes with Commvault Our partners at Commvault continue to deliver meaningful innovation through deep integration with Microsoft Azure. In the below writeup, Commvault showcases how Azure Elastic SAN volumes are now protected within Commvault’s platform—bringing unified, enterprise-grade protection to performance intensive Elastic SAN workloads. If you're exploring scalable, resilient cloud storage with built-in data protection, this is a valuable read. Here are highlights from Commvault on their added support for Elastic SAN protection Thanks to a close partnership between Commvault and Microsoft, organizations can now take advantage of robust backup and recovery for Azure Elastic SAN storage. This deep integration means you benefit from the trusted protection and unified management of Commvault’s platform, now extended to Azure’s high-performance, scalable Elastic SAN solution. As a result, you can easily safeguard your mission-critical workloads in the cloud while enjoying the flexibility, centralized management, and resilience that Elastic SAN provides. Designed for Scalable, Resilient Cloud Environments With Commvault’s integration, organizations can protect Azure Elastic SAN volumes attached to Azure virtual machines (VMs) using the same trusted platform they rely on for comprehensive data protection for many other Azure resources. Key capabilities include: Snapshot-based protection:IntelliSnap support enables rapid, low-impact backups that minimize performance impact on production systems. The number of snapshots that can be retained is configurable based on your storage plan. Commvault offers a day-based retention plan that defaults to 30 days but can be extended indefinitely. Alternatively, you can retain Elastic SAN snapshots based on a snapshot count as well. Flexible recovery options: Full-VM and attach-disk restores are supported, including cross-region backups and restores. In cross-region restores, Elastic SAN volumes are automatically restored as managed disks. Broad platform compatibility: Both Windows- and Linux-based VMs are supported. Elastic SAN volume discovery requires PowerShell on Windows or Python 3 on Linux. Deployment and Configuration Considerations For optimal performance and streamlined protection workflows, enterprises should consider the following implementation guidance linked below. App-consistent restore points for Elastic SAN volumes are not currently supported. Attach-disk restores to a VM will result in managed disks regardless of source (primary or secondary copy). ESAN volumes will need to be connected to the VM via iSCSI. Accelerate Cloud Confidence with Commvault Azure Elastic SAN represents a significant advancement in cloud storage architecture. With Commvault’s integrated protection, enterprises can deploy this powerful capability to help make sure their data remains secure, recoverable, and compliant. To learn more about protecting Azure workloads – including Elastic SAN – contact your Commvault account team or visit our Azure protection documentation. The requirements for using this integration can be found here. Conclusion The Azure Elastic SAN team is committed to supporting your backup needs and giving you peace of mind as you run workloads on Azure. With both Azure Backup and Commvault integrations, you have flexible options designed for different scenarios: Azure Backup is best suited for Azure-native, single volume snapshots, offering a 450-day retention period, seamless integration, and simplicity within the Azure ecosystem. Commvault, on the other hand, excels at providing backups for multiple volumes attached to the same VM, as well as advanced enterprise features like granular recovery, an indefinite retention period and robust retention management. If you have any questions about which solution is right for you, please contact us at AzElasticSAN-Ex@microsoft.com —we’re happy to help.AZ-500: Microsoft Azure Security Technologies Study Guide
The AZ-500 certification provides professionals with the skills and knowledge needed to secure Azure infrastructure, services, and data. The exam covers identity and access management, data protection, platform security, and governance in Azure. Learners can prepare for the exam with Microsoft's self-paced curriculum, instructor-led course, and documentation. The certification measures the learner’s knowledge of managing, monitoring, and implementing security for resources in Azure, multi-cloud, and hybrid environments. Azure Firewall, Key Vault, and Azure Active Directory are some of the topics covered in the exam.
Scaling Smart with Azure: Architecture That Works
Hi Tech Community! I’m Zainab, currently based in Abu Dhabi and serving as Vice President of Finance & HR at Hoddz Trends LLC a global tech solutions company headquartered in Arkansas, USA. While I lead on strategy, people, and financials, I also roll up my sleeves when it comes to tech innovation. In this discussion, I want to explore the real-world challenges of scaling systems with Microsoft Azure. From choosing the right architecture to optimizing performance and cost, I’ll be sharing insights drawn from experience and I’d love to hear yours too. Whether you're building from scratch, migrating legacy systems, or refining deployments, let’s talk about what actually works.Comparision on Azure Cloud Sync and Traditional Entra connect Sync.
Introduction In the evolving landscape of identity management, organizations face a critical decision when integrating their on-premises Active Directory (AD) with Microsoft Entra ID (formerly Azure AD). Two primary tools are available for this synchronization: Traditional Entra Connect Sync (formerly Azure AD Connect) Azure Cloud Sync While both serve the same fundamental purpose, bridging on-prem AD with cloud identity, they differ significantly in architecture, capabilities, and ideal use cases. Architecture & Setup Entra Connect Sync is a heavyweight solution. It installs a full synchronization engine on a Windows Server, often backed by SQL Server. This setup gives administrators deep control over sync rules, attribute flows, and filtering. Azure Cloud Sync, on the other hand, is lightweight. It uses a cloud-managed agent installed on-premises, removing the need for SQL Server or complex infrastructure. The agent communicates with Microsoft Entra ID, and most configurations are handled in the cloud portal. For organizations with complex hybrid setups (e.g., Exchange hybrid, device management), is Cloud Sync too limited?
